Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
kyithuaung
Participant

IPS Blade is not responding issue is often

I facing IPS blade is not responding issue is often.Please see the attached file for issue. I facing that issue about three times a month.I know SK to solve that.Please see SK sk163752.The first three times I resolved it.This time, doing so with SK is not a solution. Issue is solved cpstop;cpstart (not described in SK). I have a question is Why it happens so often. I have a check point firewalls 8 Nos in my network, but the current issue is firewall 2 Nos. How to solve it? Why does it happen so often? 

0 Kudos
4 Replies
Timothy_Hall
Champion
Champion

The status for all blades including IPS is pulled from the cpd daemon running on the gateway.  Anything interesting in $CPDIR/log/cpd.elg on the gateway around the time of the last IPS status failure?

It also possible that fwd may be involved with reporting the status of the IPS blade, which did not have its own individual status reporting until R80.20, so may want to look in $FWDIR/log/fwd.elg as well around the time of the issue.

New 2021 IPS/AV/ABOT Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
kyithuaung
Participant

Hello Timothy_Hall,

Thanks for your reply. I would like to ask you one question. Can I restart IPS service only instead of cpstop;cpstart? or How to resolve this issue? If can, please kindly support to me command or guide line because of I have to traffic swing and make a changed request in operation when I do cpstop;cpstart.

0 Kudos
Timothy_Hall
Champion
Champion

IPS is completely implemented inside the INSPECT engine so there is no process to restart.  When the status isn't working you could try these commands and see if they shake it loose:

ips bypass on;ips bypass off

ips off;ips on

New 2021 IPS/AV/ABOT Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
the_rock
Authority
Authority

I had customer couple years back with this exact issue and problem went to escalations team in TAC and they ended up opening R&D task and sadly, nothing came out of it, so the best suggestion we ended up getting was to do cpstop;cpstart to fix it, which we knew even before the case was opened.

If I ever see this now days, I just assume its cosmetic, because the the next day, it usually shows ips was updated.

0 Kudos